Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model.

It can be hard to serve as an early adopter of new technology. It usually means having very few (or no) examples to demonstrate what to do…and what not to do. Being the guinea pig is no easy feat, but we at the NSTIC NPO are embracing the challenge since we believe this is vital to facilitating the commercial adoption of identity solutions. After all, the NSTIC was clear that building a healthy identity ecosystem would require government to eat its own dog food.

The Identity Ecosystem Steering Group (IDESG), now in its third year, is a key part of the National Strategy for Trusted Identities in Cyberspace (NSTIC). It serves as a forum to build the core set of rules and standards to promote privacy, security, interoperability, and ease of use for online services.

Today we celebrate the most special of days for the NSTIC National Program Office. Four years ago at the U.S. Chamber of Commerce in Washington, D.C., we released the President’s strategy to enhance the choice, efficiency, security, and privacy of online transactions.

As the NSTIC pilots develop and implement innovative identity solutions, they are confronting head-on the challenges of attempting to convince the marketplace to adopt them. We are enthusiastic about organizations that are pioneering new identity technologies, but recognize that widespread adoption of these technologies require that they be interoperable. Standards are essential here; without them, consumers and businesses have no way to easily adopt these technologies, or judge how – if at all – to trust them.

As the NSTIC pilots develop and implement innovative identity solutions, they are confronting head-on the challenges of attempting to convince the marketplace to adopt them. We are enthusiastic about organizations that are pioneering new identity technologies, but recognize that widespread adoption of these technologies require that they be interoperable. Standards are essential here; without them, consumers and businesses have no way to easily adopt these technologies, or judge how – if at all – to trust them.

Next month, the National Strategy for Trusted Identities in Cyberspace will celebrate its fourth “NSTICiversary” – marking four years since President Obama called for industry, advocates, agencies, academics, and individuals to collaborate to make online transactions more secure for businesses and consumers alike.

The NSTIC NPO has just announced a new funding opportunity with a special focus on privacy enhancing technologies. NSTIC is soliciting applications from eligible applicants to pilot privacy-enhancing technologies that embrace and advance the NSTIC vision and contribute to the maturity of the Identity Ecosystem the NSTIC envisions: promote secure, privacy-enhancing, and user-friendly ways to give individuals and organizations convenience in their online interactions.

The Identity Ecosystem Steering Group (IDESG) has been hard at work delivering on version 1 of the Identity Ecosystem Framework (IDEF). This week, the steering group hit a major milestone: meeting a March 16th deadline for developing baseline requirements for the IDEF.

The NSTIC NPO has just announced a 4th round of pilot program funding in 2015 for fresh and innovative identity solutions! The Strategy calls for the private sector to lead the development of an identity ecosystem where individuals can choose from a variety of credentials to use in lieu of passwords for interactions online. These pilots will ultimately address barriers to the identity ecosystem and seed the marketplace with “NSTIC-aligned” solutions to enhance privacy, security, and convenience in online transactions. We are excited to share this news with innovators of all kinds so they will apply for funding in order to address the toughest challenges in identity management. Pilots should create and demonstrate solutions that can help jumpstart the adoption of trusted strong authentication technologies in lieu of passwords, in alignment with the NSTIC.

We are excited to see the Identity Ecosystem Steering Group (IDESG) kicking off 2015 in a big way. In its third year as an organization, the IDESG is gathering at the 12th plenary (January 28-30 in Atlanta), charging ahead with the creation of an Identity Ecosystem Framework that can help provide a foundation to underpin implementation of the NSTIC.

Addressing Health IT privacy and security concerns are complicated. Often the focus is to zero in on a specific technical solution and leave the often more important issues – policy, privacy, business rules – for others to solve. But as we’ve seen, too many times these other issues are left unaddressed – and progress is hindered.

Identity is critical to Health Information Technology (HIT), particularly when it comes to sharing health information online. Patients and health providers aren’t going to share personal information if they can’t solve the “identity conundrum” – how to validate that information is going to the right person.

Whether you are 19 or 91, protecting your identity is extremely important – particularly as identity breaches become more pervasive and affect more people worldwide. A recent study revealed the concerns about identity theft are high, with four out of five adults calling identity theft a concern, and about half calling it a “major” concern.*

Last week, President Obama signed a new Executive Order calling for “all agencies making personal data accessible to citizens through digital applications” to “require the use of multiple factors of authentication and an effective identity proofing process.” The President set a deadline of 18 months for agencies to comply.